<div class="gmail_quote">On Mon, Aug 17, 2009 at 12:00 PM, Alexander Kraev <span dir="ltr">&lt;<a href="mailto:alexander.kraev@gmail.com">alexander.kraev@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi,<br>
<br>
It depends on web-server architecture and how many sites you are going<br>
to run inside /var/www.<br>
<br>
root:root is good for /var/www if you are running many sites in<br>
/var/www. Let's say:<br>
<br>
/var/www/<a href="http://example.org" target="_blank">example.org</a><br>
/var/www/<a href="http://example.net" target="_blank">example.net</a><br>
/var/www/<a href="http://sub.example.org" target="_blank">sub.example.org</a><br>
<br>
Each of these directories has to be owned as www-data:www-data if you use<br>
only www-data user to manage all virtual hosts and unix_user:www-data in<br>
case of multi-user virtual host based web server.<br>
<br>
It's a quick tip, all depends on your needs and web server's architecture.<br></blockquote><div><br> "Each of these directories has to be owned as www-data:www-data"<br><br>This is absolutely not true, and a bad idea for reasons already pointed out in this thread (Roy Sigurd Karlsbakk's email). Only set www-data as the owner when a web application specifically calls for it and only on the folder or file that it calls for.<br>
<br>For instance, say a web application requires the web server to have write access to /var/www/myapp/uploads/. Then keep /var/www owned by root.root and perms set to 755, and change just the uploads folder to be owned by www-data.root (or www-data.www-data, or root.www-data with 775 perms, it's all the same).<br>
<br>If you do want users without root privileges to be able to modify the directories, then that is OK: give them permissions to write to whatever they need, but you do not want to give www-data any more than read permissions unless your web application specifically calls for it.<br>
<br>Brazen<br></div></div>
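<div>The layout recommended in the reply above can be checked mechanically. The shell function below is an added example, not code from the thread: it lists every path under a web root that the web server account can write to, apart from the paths passed as allowed (the uploads folder in the reply's example). The function name <code>audit_webroot</code> and its arguments are assumptions made for this example.</div>

```shell
#!/bin/sh
# Added example, not from the thread.
# usage: audit_webroot ROOT USER GROUP [ALLOWED_PATH ...]
#   USER, GROUP: name or numeric ID of the web server account (e.g. www-data)
#   ALLOWED_PATH: paths the application needs writable (e.g. the uploads folder)
# Prints one line per path the account can write to outside the allowed paths.
# Limits: ACLs and supplementary groups are not considered, and paths that
# contain newlines are not handled.
audit_webroot() {
    aw_root=$1 aw_user=$2 aw_group=$3
    shift 3    # the remaining arguments are the allowed writable paths

    # The account can write to a path if it owns it and the owner write bit
    # is set, if the path's group is the account's group and the group write
    # bit is set, or if the path is world-writable. Symlinks are skipped
    # because their own mode bits are not what access checks use.
    find "$aw_root" ! -type l \( \
            \( -user "$aw_user" -perm -200 \) -o \
            \( -group "$aw_group" -perm -020 \) -o \
            -perm -002 \) -print |
    while IFS= read -r aw_path; do
        aw_skip=0
        for aw_ok in "$@"; do
            case $aw_path in
                "$aw_ok"|"$aw_ok"/*) aw_skip=1 ;;   # allowed path or below it
            esac
        done
        if [ "$aw_skip" -eq 0 ]; then
            printf '%s\n' "$aw_path"
        fi
    done
}

# For the layout in the reply (root-owned /var/www, writable uploads only):
#   audit_webroot /var/www www-data www-data /var/www/myapp/uploads
```

<div>With the permissions described in the reply, the call in the last comment prints nothing; any line of output is a path where www-data has more than read access.</div>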